Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/b87e50-3510-420e-8bf5-c4a3a0a5a9b1/1/kt9kY-16BQ4necIVFRgAtvjd9vU.roa
File:                     kt9kY-16BQ4necIVFRgAtvjd9vU.roa (raw, json)
Hash identifier:          66gMsyaOtysX+kjpi4hM+Oe5TYeIKMy84VcIEuNL1pE=
Subject key identifier:   92:DF:64:63:ED:7A:05:0E:27:79:C2:15:15:18:00:B6:F8:DD:F6:F5
Certificate issuer:       /CN=23dd05eb7bd945c65df1873552dcc90cb2e17723
Certificate serial:       0196AFB311BBAB707BFFF622EDD6E6F8A27E
Authority key identifier: 23:DD:05:EB:7B:D9:45:C6:5D:F1:87:35:52:DC:C9:0C:B2:E1:77:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/I90F63vZRcZd8Yc1UtzJDLLhdyM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/b87e50-3510-420e-8bf5-c4a3a0a5a9b1/1/kt9kY-16BQ4necIVFRgAtvjd9vU.roa
Signing time:             Thu 08 May 2025 11:41:10 +0000
ROA not before:           Thu 08 May 2025 11:41:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12400
IP address blocks:        185.105.176.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/b87e50-3510-420e-8bf5-c4a3a0a5a9b1/1/I90F63vZRcZd8Yc1UtzJDLLhdyM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/b87e50-3510-420e-8bf5-c4a3a0a5a9b1/1/I90F63vZRcZd8Yc1UtzJDLLhdyM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/I90F63vZRcZd8Yc1UtzJDLLhdyM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 20:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:af:b3:11:bb:ab:70:7b:ff:f6:22:ed:d6:e6:f8:a2:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=23dd05eb7bd945c65df1873552dcc90cb2e17723
        Validity
            Not Before: May  8 11:41:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=92df6463ed7a050e2779c215151800b6f8ddf6f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:49:5d:d0:49:f0:ef:4e:f1:cd:a4:70:11:a3:
                    53:79:4f:d7:eb:25:67:f4:6e:9a:30:53:93:54:ab:
                    76:8e:d0:8e:73:d1:48:3e:97:86:f7:e0:6e:af:cb:
                    cc:a2:e7:b0:91:b6:39:75:3a:00:bd:04:36:f4:8d:
                    b7:0e:b6:33:17:6c:f5:26:8c:8e:0a:45:e6:86:bc:
                    7d:76:68:ac:30:d9:44:ae:a2:41:fa:51:a3:96:03:
                    97:87:e3:6c:85:06:63:dc:6b:c1:97:04:9b:0b:39:
                    43:88:79:ae:f2:ae:e8:5b:86:c0:3d:7d:a1:93:d3:
                    a2:4a:96:ab:06:a1:b6:bc:9b:a0:d3:f3:66:d5:fc:
                    fc:1b:f3:58:87:31:b3:48:76:bf:71:56:94:00:d2:
                    e3:17:cf:73:08:60:02:e7:46:65:d7:7d:2f:40:92:
                    6d:0d:8e:72:c4:b2:52:9e:86:8d:05:da:89:dd:58:
                    cf:37:f1:75:6d:ac:79:80:0b:03:0c:f8:a8:87:e5:
                    6a:f5:a3:c2:fa:b2:ae:e5:4c:b0:29:ef:f2:b9:96:
                    17:e0:46:e8:c2:56:72:18:3b:dd:b5:79:7a:bc:92:
                    03:96:8f:36:78:91:e2:57:ee:a4:8d:ff:79:3f:e4:
                    53:27:4d:77:c4:c7:0a:f9:39:0c:bf:63:62:c8:dc:
                    2a:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:DF:64:63:ED:7A:05:0E:27:79:C2:15:15:18:00:B6:F8:DD:F6:F5
            X509v3 Authority Key Identifier:
                keyid:23:DD:05:EB:7B:D9:45:C6:5D:F1:87:35:52:DC:C9:0C:B2:E1:77:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I90F63vZRcZd8Yc1UtzJDLLhdyM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/b87e50-3510-420e-8bf5-c4a3a0a5a9b1/1/kt9kY-16BQ4necIVFRgAtvjd9vU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/b87e50-3510-420e-8bf5-c4a3a0a5a9b1/1/I90F63vZRcZd8Yc1UtzJDLLhdyM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.105.176.0/22

    Signature Algorithm: sha256WithRSAEncryption
         46:79:b9:b5:df:06:5e:96:7f:9d:ee:02:56:75:87:49:6c:26:
         9b:bd:a7:ff:5e:57:f8:8e:0d:be:f2:90:6e:78:fd:61:f9:5f:
         37:47:84:ee:8b:1e:37:73:3c:1d:aa:d0:ee:76:11:c8:0c:52:
         67:c3:46:96:82:40:cd:fc:26:17:59:90:57:33:4d:c4:43:44:
         05:5f:1b:bf:b9:d0:ba:47:45:d3:79:84:2b:45:a7:91:8d:00:
         6c:6f:c9:df:3b:21:ca:79:7d:b2:30:6f:aa:26:23:16:cf:58:
         ea:44:62:80:91:66:77:91:dd:a7:4a:35:6d:64:1f:37:3d:b7:
         67:61:94:14:d4:3a:47:4f:e9:f8:ad:38:14:8d:99:c9:7b:fe:
         6b:32:ca:39:18:f0:b0:7f:55:68:65:a9:76:51:94:4e:5e:0a:
         58:2f:45:ea:dd:10:47:7f:60:e9:3c:5c:fd:30:c2:72:72:38:
         34:09:d2:8f:07:b2:45:ac:88:6d:78:b5:fb:50:99:55:44:b8:
         17:c8:d4:91:65:d8:47:44:1f:31:dc:42:3e:36:bb:48:43:71:
         1c:83:2a:69:7c:c3:8b:c7:48:9e:c7:4c:39:9c:84:6a:bb:ff:
         8c:6f:47:39:09:4a:d1:15:8c:cd:03:9f:b8:92:d3:46:32:db:
         bf:8e:61:6f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZavsxG7q3B7//Yi7dbm+KJ+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzZGQwNWViN2JkOTQ1YzY1ZGYxODczNTUyZGNjOTBjYjJl
MTc3MjMwHhcNMjUwNTA4MTE0MTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MmRmNjQ2M2VkN2EwNTBlMjc3OWMyMTUxNTE4MDBiNmY4ZGRmNmY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA30ld0Enw707xzaRwEaNTeU/X6yVn
9G6aMFOTVKt2jtCOc9FIPpeG9+Bur8vMouewkbY5dToAvQQ29I23DrYzF2z1JoyO
CkXmhrx9dmisMNlErqJB+lGjlgOXh+NshQZj3GvBlwSbCzlDiHmu8q7oW4bAPX2h
k9OiSparBqG2vJug0/Nm1fz8G/NYhzGzSHa/cVaUANLjF89zCGAC50Zl130vQJJt
DY5yxLJSnoaNBdqJ3VjPN/F1bax5gAsDDPioh+Vq9aPC+rKu5UywKe/yuZYX4Ebo
wlZyGDvdtXl6vJIDlo82eJHiV+6kjf95P+RTJ013xMcK+TkMv2NiyNwqTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJLfZGPtegUOJ3nCFRUYALb43fb1MB8GA1UdIwQY
MBaAFCPdBet72UXGXfGHNVLcyQyy4XcjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSTkwRjYzdlpSY1pkOFljMVV0ekpETExoZHlNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS9iODdlNTAtMzUxMC00MjBlLThiZjUt
YzRhM2EwYTVhOWIxLzEva3Q5a1ktMTZCUTRuZWNJVkZSZ0F0dmpkOXZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS9iODdlNTAtMzUxMC00MjBlLThiZjUtYzRhM2EwYTVhOWIx
LzEvSTkwRjYzdlpSY1pkOFljMVV0ekpETExoZHlNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuWmwMA0G
CSqGSIb3DQEBCwUAA4IBAQBGebm13wZeln+d7gJWdYdJbCabvaf/Xlf4jg2+8pBu
eP1h+V83R4Tuix43czwdqtDudhHIDFJnw0aWgkDN/CYXWZBXM03EQ0QFXxu/udC6
R0XTeYQrRaeRjQBsb8nfOyHKeX2yMG+qJiMWz1jqRGKAkWZ3kd2nSjVtZB83Pbdn
YZQU1DpHT+n4rTgUjZnJe/5rMso5GPCwf1VoZal2UZROXgpYL0Xq3RBHf2DpPFz9
MMJycjg0CdKPB7JFrIhteLX7UJlVRLgXyNSRZdhHRB8x3EI+NrtIQ3EcgyppfMOL
x0iex0w5nIRqu/+Mb0c5CUrRFYzNA5+4ktNGMtu/jmFv
-----END CERTIFICATE-----